diff --git a/scripts/chroot.sh b/scripts/chroot.sh
index c61804e5bbfca088725ff80e965d7568ac41876a..ceae295157f9cab2c8da0cc26546be42027b31fc 100755
--- a/scripts/chroot.sh
+++ b/scripts/chroot.sh
@@ -813,8 +813,14 @@ cat > "${DIR}/chroot_script.sh" <<-__EOF__
 		dpkg_check
 
 		if [ "x\${pkg_is_not_installed}" = "x" ] ; then
-			echo "Log: (chroot) adding admin group to /etc/sudoers"
-			echo "%admin  ALL=(ALL) ALL" >>/etc/sudoers
+			if [ -f /etc/sudoers.d/README ] ; then
+				echo "Log: (chroot) adding admin group to /etc/sudoers.d/admin"
+				echo "%admin ALL=(ALL:ALL) ALL" >/etc/sudoers.d/admin
+				chmod 0440 /etc/sudoers.d/admin
+			else
+				echo "Log: (chroot) adding admin group to /etc/sudoers"
+				echo "%admin  ALL=(ALL) ALL" >>/etc/sudoers
+			fi
 		else
 			dpkg_package_missing
 			if [ "x${rfs_disable_root}" = "xenable" ] ; then
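Review bot: The new guard `if [ -f /etc/sudoers.d/README ]` only shows that a README file was shipped, not that sudo will actually read the directory, and it differs from the `[ -d /etc/sudoers.d/ ]` test used in `unsecure_root` in the stretch script. If `/etc/sudoers` lacks the include line, the `%admin` rule is written to a file that is never parsed and the admin group ends up with no sudo access, with no error logged. Consider testing what matters, e.g. `if [ -d /etc/sudoers.d ] && grep -Eq '^[#@]includedir[[:space:]]+/etc/sudoers.d' /etc/sudoers ; then`, and running `visudo -cf /etc/sudoers.d/admin` after the `chmod` so a malformed drop-in is caught at image build time. The enclosing heredoc starts and ends outside this hunk.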
diff --git a/target/chroot/beagleboard.org-stretch.sh b/target/chroot/beagleboard.org-stretch.sh
index 5fecbb8468e3aa2687b666af8b1e4aae33730058..58e2b532f61bb4552faa769c1708dc7f3977f5cc 100755
--- a/target/chroot/beagleboard.org-stretch.sh
+++ b/target/chroot/beagleboard.org-stretch.sh
@@ -357,9 +357,10 @@ unsecure_root () {
 		sed -i -e 's:PermitRootLogin without-password:PermitRootLogin yes:g' /etc/ssh/sshd_config
 	fi
 
-	if [ -f /etc/sudoers ] ; then
+	if [ -d /etc/sudoers.d/ ] ; then
 		#Don't require password for sudo access
-		echo "${rfs_username}  ALL=NOPASSWD: ALL" >>/etc/sudoers
+		echo "${rfs_username} ALL=NOPASSWD: ALL" >/etc/sudoers.d/${rfs_username}
+		chmod 0440 /etc/sudoers.d/${rfs_username}
 	fi
 }
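Review bot: The drop-in path `/etc/sudoers.d/${rfs_username}` is unquoted and is built from the username, and sudo skips files in that directory whose names contain a `.` or end in `~`, so for such a username the NOPASSWD rule would be written but silently ignored. Quote the target and either use a fixed file name or reject such usernames, e.g. `echo "${rfs_username} ALL=NOPASSWD: ALL" >"/etc/sudoers.d/${rfs_username}"` followed by `chmod 0440 "/etc/sudoers.d/${rfs_username}"`. The old branch appended to `/etc/sudoers` whenever that file existed, whereas the new one does nothing when `/etc/sudoers.d/` is missing. An `else` fallback or a log line would make that case visible. Because this file grants passwordless root, checking it with `visudo -cf` before the function returns would catch a bad entry at build time. The body of `unsecure_root` begins outside this hunk.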